69681 2011-10-07 17:39:42 -0700 Fix crash with toDataURL to JPEG 2011-10-12 21:56:53 -0700 1 1 1 Unclassified WebKit Canvas 528+ (Nightly build) Mac Unspecified RESOLVED FIXED P2 Normal --- 69991 1 jbauman jbauman darin inferno kbr mdelaney7 noel.gordon webkit.review.bot oldest_to_newest 480415 0 jbauman 2011-10-07 17:39:42 -0700 Fix crash with toDataURL to JPEG 480416 1 110236 jbauman 2011-10-07 17:41:26 -0700 Created attachment 110236 Patch 480418 2 110236 darin 2011-10-07 17:44:01 -0700 Comment on attachment 110236 Patch Can we make a test case to cover this? 480431 3 110236 webkit.review.bot 2011-10-07 18:48:31 -0700 Comment on attachment 110236 Patch Rejecting attachment 110236 from commit-queue. Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 2 Last 500 characters of output: 381db9f538a72509ddceba74bc8fa72d7ba8a196 r96996 = 597be029117bbf6b1591194e17018dff0ce3fbd4 Done rebuilding .git/svn/refs/remotes/origin/master/.rev_map.268f45cc-cd09-0410-ab3c-d52691b4dbfc First, rewinding head to replay your work on top of it... Fast-forwarded master to refs/remotes/origin/master. Updating chromium port dependencies using gclient... ________ running '/usr/bin/python gyp_webkit' in '/mnt/git/webkit-commit-queue/Source/WebKit/chromium' Updating webkit projects from gyp files... Full output: http://queues.webkit.org/results/9995417 481301 4 110439 jbauman 2011-10-10 17:01:50 -0700 Created attachment 110439 Patch 481304 5 110439 webkit.review.bot 2011-10-10 17:05:05 -0700 Comment on attachment 110439 Patch Rejecting attachment 110439 from commit-queue. jbauman@chromium.org does not have committer permissions according to http://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/committers.py. - If you do not have committer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags. - If you have committer rights please correct the error in Tools/Scripts/webkitpy/common/config/committers.py by adding yourself to the file (no review needed). The commit-queue restarts itself every 2 hours. After restart the commit-queue will correctly respect your committer rights. 481358 6 110439 kbr 2011-10-10 17:54:01 -0700 Comment on attachment 110439 Patch Looks good. r=me 481504 7 110439 webkit.review.bot 2011-10-11 01:27:06 -0700 Comment on attachment 110439 Patch Clearing flags on attachment: 110439 Committed r97132: <http://trac.webkit.org/changeset/97132> 481505 8 webkit.review.bot 2011-10-11 01:27:10 -0700 All reviewed patches have been landed. Closing bug. 482220 9 inferno 2011-10-11 22:27:11 -0700 This looks like a use after free bug. Can you please confirm soon so that we can merge to m15 ? Do you have a crash id or crash stack ?? 482381 10 jbauman 2011-10-12 06:35:11 -0700 This is a use after free, but it's not in M15 - it was introduced in r96000. 482975 11 noel.gordon 2011-10-12 19:55:41 -0700 (In reply to comment #2) > Can we make a test case to cover this? I reproduced with http://persistent.info/chromium/test-cases/canvas-crash.html, filed bug 69991 about creating a test case. 110236 2011-10-07 17:41:26 -0700 2011-10-10 17:01:46 -0700 Patch bug-69681-20111007174125.patch text/plain 1815 jbauman U3VidmVyc2lvbiBSZXZpc2lvbjogOTY4NTMKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCA1MTA1NWJhMjE5N2IzMDBi NGI0N2M5YmUxNWI0MDc5OTBlNTgzODkxLi4yZWNkYmFiYzVjNTYxZDNkZThjZGE0YzZmYzY5Nzhm ZmYwYjRlZGI5IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291 cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTggQEAKKzIwMTEtMTAtMDcgIEpvaG4g QmF1bWFuICA8amJhdW1hbkBjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgRml4IGNyYXNoIHdpdGgg dG9EYXRhVVJMIHRvIEpQRUcKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19i dWcuY2dpP2lkPTY5NjgxCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisK KyAgICAgICAgTW92ZSBSZWZQdHIgZGVjbGFyYXRpb24gb3V0c2lkZSBpZiB0byBtYWtlIHN1cmUg aW1hZ2UgZGF0YSBzdGlsbAorICAgICAgICBleGlzdHMgdGhyb3VnaCBDR0ltYWdlVG9EYXRhVVJM LgorCisgICAgICAgIE5vIG5ldyB0ZXN0cy4gKE9PUFMhKQorCisgICAgICAgICogcGxhdGZvcm0v Z3JhcGhpY3MvY2cvSW1hZ2VCdWZmZXJDRy5jcHA6CisgICAgICAgIChXZWJDb3JlOjpJbWFnZUJ1 ZmZlcjo6dG9EYXRhVVJMKToKKwogMjAxMS0xMC0wNiAgR2F2aW4gUGV0ZXJzICA8Z2F2aW5wQGNo cm9taXVtLm9yZz4KIAogICAgICAgICBjb25kaXRpb25hbGl6ZSBtX2NhY2hlZFNjcmlwdCBzdGFj a3MgdG8ganVzdCBDaHJvbWl1bSBwb3J0CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9wbGF0 Zm9ybS9ncmFwaGljcy9jZy9JbWFnZUJ1ZmZlckNHLmNwcCBiL1NvdXJjZS9XZWJDb3JlL3BsYXRm b3JtL2dyYXBoaWNzL2NnL0ltYWdlQnVmZmVyQ0cuY3BwCmluZGV4IDcwYWY0ODMxMTc2M2E4OTJm ZDhmNTQyNDgzMTM0MjE3M2YwY2IwYjEuLmE1OThmYzg3YjcwMjc3M2ZkNzllNWEzMzU4NWZlOWY5 MzI5ZTEwYTcgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL2Nn L0ltYWdlQnVmZmVyQ0cuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNz L2NnL0ltYWdlQnVmZmVyQ0cuY3BwCkBAIC0zNjEsMTAgKzM2MSwxMSBAQCBTdHJpbmcgSW1hZ2VC dWZmZXI6OnRvRGF0YVVSTChjb25zdCBTdHJpbmcmIG1pbWVUeXBlLCBjb25zdCBkb3VibGUqIHF1 YWxpdHkpIGNvbgogICAgIFJldGFpblB0cjxDR0ltYWdlUmVmPiBpbWFnZTsKICAgICBSZXRhaW5Q dHI8Q0ZTdHJpbmdSZWY+IHV0aSA9IHV0aUZyb21NSU1FVHlwZShtaW1lVHlwZSk7CiAgICAgQVNT RVJUKHV0aSk7CisgICAgUmVmUHRyPEJ5dGVBcnJheT4gYXJyOwogCiAgICAgaWYgKENGRXF1YWwo dXRpLmdldCgpLCBqcGVnVVRJKCkpKSB7CiAgICAgICAgIC8vIEpQRUdzIGRvbid0IGhhdmUgYW4g YWxwaGEgY2hhbm5lbCwgc28gd2UgaGF2ZSB0byBtYW51YWxseSBjb21wb3NpdGUgb24gdG9wIG9m IGJsYWNrLgotICAgICAgICBSZWZQdHI8Qnl0ZUFycmF5PiBhcnIgPSBnZXRQcmVtdWx0aXBsaWVk SW1hZ2VEYXRhKEludFJlY3QoSW50UG9pbnQoMCwgMCksIG1fc2l6ZSkpOworICAgICAgICBhcnIg PSBnZXRQcmVtdWx0aXBsaWVkSW1hZ2VEYXRhKEludFJlY3QoSW50UG9pbnQoMCwgMCksIG1fc2l6 ZSkpOwogCiAgICAgICAgIHVuc2lnbmVkIGNoYXIgKmRhdGEgPSBhcnItPmRhdGEoKTsKICAgICAg ICAgZm9yIChpbnQgaSA9IDA7IGkgPCB3aWR0aCgpICogaGVpZ2h0KCk7IGkrKykK 110439 2011-10-10 17:01:50 -0700 2011-10-11 01:27:06 -0700 Patch bug-69681-20111010170154.patch text/plain 1785 jbauman U3VidmVyc2lvbiBSZXZpc2lvbjogOTcxMDQKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCAxNWM2NzgxMDI3YjBlMDVl MmYyYWNmZGE0YWM4YTQyOTcyOWU3MDM3Li44YTk5ZmMxZWEyNDRhYTY3NmQ5MDg3ZTlkNzNlZDZk NDBlZTFjYzgyIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291 cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTYgQEAKKzIwMTEtMTAtMTAgIEpvaG4g QmF1bWFuICA8amJhdW1hbkBjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgRml4IGNyYXNoIHdpdGgg dG9EYXRhVVJMIHRvIEpQRUcKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19i dWcuY2dpP2lkPTY5NjgxCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisK KyAgICAgICAgTW92ZSBSZWZQdHIgZGVjbGFyYXRpb24gb3V0c2lkZSBpZiB0byBtYWtlIHN1cmUg aW1hZ2UgZGF0YSBzdGlsbAorICAgICAgICBleGlzdHMgdGhyb3VnaCBDR0ltYWdlVG9EYXRhVVJM LgorCisgICAgICAgICogcGxhdGZvcm0vZ3JhcGhpY3MvY2cvSW1hZ2VCdWZmZXJDRy5jcHA6Cisg ICAgICAgIChXZWJDb3JlOjpJbWFnZUJ1ZmZlcjo6dG9EYXRhVVJMKToKKwogMjAxMS0xMC0xMCAg TmljbyBXZWJlciAgPHRoYWtpc0BjaHJvbWl1bS5vcmc+CiAKICAgICAgICAgUGx1Z2luRG9jdW1l bnRQYXJzZXIgdXNlcyBpbmNvcnJlY3Qgc3ludGF4IGZvciBiYWNrZ3JvdW5kIGNvbG9yCmRpZmYg LS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9jZy9JbWFnZUJ1ZmZlckNH LmNwcCBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL2NnL0ltYWdlQnVmZmVyQ0cu Y3BwCmluZGV4IDcwYWY0ODMxMTc2M2E4OTJmZDhmNTQyNDgzMTM0MjE3M2YwY2IwYjEuLmE1OThm Yzg3YjcwMjc3M2ZkNzllNWEzMzU4NWZlOWY5MzI5ZTEwYTcgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9X ZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL2NnL0ltYWdlQnVmZmVyQ0cuY3BwCisrKyBiL1NvdXJj ZS9XZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL2NnL0ltYWdlQnVmZmVyQ0cuY3BwCkBAIC0zNjEs MTAgKzM2MSwxMSBAQCBTdHJpbmcgSW1hZ2VCdWZmZXI6OnRvRGF0YVVSTChjb25zdCBTdHJpbmcm IG1pbWVUeXBlLCBjb25zdCBkb3VibGUqIHF1YWxpdHkpIGNvbgogICAgIFJldGFpblB0cjxDR0lt YWdlUmVmPiBpbWFnZTsKICAgICBSZXRhaW5QdHI8Q0ZTdHJpbmdSZWY+IHV0aSA9IHV0aUZyb21N SU1FVHlwZShtaW1lVHlwZSk7CiAgICAgQVNTRVJUKHV0aSk7CisgICAgUmVmUHRyPEJ5dGVBcnJh eT4gYXJyOwogCiAgICAgaWYgKENGRXF1YWwodXRpLmdldCgpLCBqcGVnVVRJKCkpKSB7CiAgICAg ICAgIC8vIEpQRUdzIGRvbid0IGhhdmUgYW4gYWxwaGEgY2hhbm5lbCwgc28gd2UgaGF2ZSB0byBt YW51YWxseSBjb21wb3NpdGUgb24gdG9wIG9mIGJsYWNrLgotICAgICAgICBSZWZQdHI8Qnl0ZUFy cmF5PiBhcnIgPSBnZXRQcmVtdWx0aXBsaWVkSW1hZ2VEYXRhKEludFJlY3QoSW50UG9pbnQoMCwg MCksIG1fc2l6ZSkpOworICAgICAgICBhcnIgPSBnZXRQcmVtdWx0aXBsaWVkSW1hZ2VEYXRhKElu dFJlY3QoSW50UG9pbnQoMCwgMCksIG1fc2l6ZSkpOwogCiAgICAgICAgIHVuc2lnbmVkIGNoYXIg KmRhdGEgPSBhcnItPmRhdGEoKTsKICAgICAgICAgZm9yIChpbnQgaSA9IDA7IGkgPCB3aWR0aCgp ICogaGVpZ2h0KCk7IGkrKykK